Fixes #5676 disable v2 onion addresses on restore on Focal
We filter out every v2 onion address related line from /etc/tor/torrc
and also remove the directories from /var/lib/tor/services. This
happens only on Focal. On Xenial, everything stays the same.
kushaldas committed Feb 17, 2021
1 parent f3e51b4 commit e5fa74b
Showing 2 changed files with 118 additions and 0 deletions.
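--- a/install_files/ansible-base/roles/restore/files/disable_v2.py
+++ b/install_files/ansible-base/roles/restore/files/disable_v2.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python3
+# To execute on prod:
+# python3 disable_v2.py /etc/tor/torrc /etc/tor/torrc
+# To execute for testing locally:
+# python3 disable_v2.py /etc/tor/torrc /tmp/dumytorrc
+import sys
+
+
+def filter_v2(filename):
+# Read the file
+with open(filename) as f:
+data = f.readlines()
+# We will store the filtered lines to result
+result = []
+
+i = 0
+while i < len(data):
+line = data[i]
+if line == "HiddenServiceDir /var/lib/tor/services/source\n":
+i += 1
+while data[i].strip() == "":
+i += 1
+line = data[i]
+if line == "HiddenServiceVersion 2\n":
+i += 1
+line = data[i]
+while data[i].strip() == "":
+i += 1
+line = data[i]
+if line == "HiddenServicePort 80 127.0.0.1:80\n":
+i += 1
+continue
+# Now check for journalist
+if line == "HiddenServiceDir /var/lib/tor/services/journalist\n":
+i += 1
+while data[i].strip() == "":
+i += 1
+line = data[i]
+if line == "HiddenServiceVersion 2\n":
+i += 1
+line = data[i]
+while data[i].strip() == "":
+i += 1
+line = data[i]
+if line == "HiddenServicePort 80 127.0.0.1:8080\n":
+i += 1
+line = data[i]
+while data[i].strip() == "":
+i += 1
+line = data[i]
+if line == "HiddenServiceAuthorizeClient stealth journalist\n":
+i += 1
+continue
+# Now the v2 ssh access
+if line == "HiddenServiceDir /var/lib/tor/services/ssh\n":
+i += 1
+while data[i].strip() == "":
+i += 1
+line = data[i]
+if line == "HiddenServiceVersion 2\n":
+i += 1
+line = data[i]
+while data[i].strip() == "":
+i += 1
+line = data[i]
+if line == "HiddenServicePort 22 127.0.0.1:22\n":
+i += 1
+line = data[i]
+while data[i].strip() == "":
+i += 1
+line = data[i]
+if line == "HiddenServiceAuthorizeClient stealth admin\n":
+i += 1
+continue
+
+
+result.append(line)
+i += 1
+
+# Now return the result
+return result
+
+
+if __name__ == "__main__":
+filename = sys.argv[1]
+outputfilename = sys.argv[2]
+result = filter_v2(filename)
+with open(outputfilename, "w") as fobj:
+for line in result:
+fobj.write(line)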
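Review bot: The v2 stanzas in `filter_v2` are matched by exact string equality, including the trailing `\n` and single spaces (for example `line == "HiddenServiceVersion 2\n"`), so a torrc with different spacing, a trailing comment, an extra directive or a different port mapping passes through with its v2 service still configured while the script exits 0. Because the restore role in this commit then deletes the service directories, it would be safer to compare `line.split()` tokens and to exit non-zero when a `HiddenServiceVersion 2` line survives filtering. Separately, the blank-line skips index `data[i]` with no bound, so a matching `HiddenServiceDir` line at the end of the file raises IndexError; `while i < len(data) and data[i].strip() == "":` with a length check before each `line = data[i]` would cover that. Indentation is lost in this rendering, so the nesting of the `continue` statements could not be checked.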
28 changes: 28 additions & 0 deletions install_files/ansible-base/roles/restore/tasks/main.yml
Expand Up @@ -73,6 +73,34 @@
name: apache2
state: reloaded

- name: Copy disable_v2.py script for Focal
copy:
src: "{{ role_path }}/files/disable_v2.py"
dest: /opt/disable_v2.py
when: ansible_distribution_release == 'focal'

- name: Execute disable_v2 script on Focal
command: python3 /opt/disable_v2.py /etc/tor/torrc /etc/tor/torrc
when: ansible_distribution_release == 'focal'

- name: Remove v2 tor source directory
file:
state: absent
path: /var/lib/tor/services/source
when: ansible_distribution_release == 'focal'

- name: Remove v2 tor journalist directory
file:
state: absent
path: /var/lib/tor/services/journalist
when: ansible_distribution_release == 'focal'

- name: Remove disable_v2.py script on Focal
file:
state: absent
path: /opt/disable_v2.py
when: ansible_distribution_release == 'focal'

- name: Reload Tor service
service:
name: tor
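Review bot: No task removes `/var/lib/tor/services/ssh`, although disable_v2.py in this same commit also strips the v2 ssh stanza from torrc, so that service directory and whatever key material it holds appear to stay on disk after a Focal restore. If leaving it is deliberate, a comment above the removal tasks should say why; otherwise a third removal task belongs next to the source and journalist ones, as sketched below. The surrounding task list continues outside this hunk, so the directory may be handled elsewhere in the role.

```yaml
- name: Remove v2 tor ssh directory
  file:
    state: absent
    path: /var/lib/tor/services/ssh
  when: ansible_distribution_release == 'focal'
```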